CVE-2026-48117

DroneAware is a drone detection platform. The centralized DroneAware server backing droneaware.io was vulnerable to an account pre-hijacking attack in which an attacker could register an account using a victim's email address with an attacker-controlled password before the victim completed accoun...

EUVD-2022-34269

Malicious code in bioql PyPI...

EUVD-2022-34270

Malicious code in bioql PyPI...

CosmodiumCS OnlyRAT 安全漏洞

CosmodiumCS OnlyRAT is a remote access Trojan by the CosmodiumCS individual developer, primarily used to demonstrate and study how remote control malware works. A security vulnerability exists in CosmodiumCS OnlyRAT 3.2 and earlier versions, which stems from a misuse of the parameter...

Devolutions Server <= 2025.2.5.0 Deadlock (DEVO-2025-0013) (CVE-2025-8312)

The version of Devolutions Server installed on the remote host is prior or equial to 2025.2.5.0 and is, therefore, affected by a deadlock vulnerability: - Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out...

CVE-2022-29965

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...

CVE-2022-29962

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

CVE-2022-29964

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. WIOC SSH provides access to a shell as root, DeltaV, or backup via hardcoded credentials. NOTE: this is different from CVE-2014-2350...

CVE-2025-2562

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from...

CVE-2022-29962

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

CVE-2022-29962

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. FTP has hardcoded credentials but may often be disabled in production. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350...

CVE-2022-29965

The Emerson DeltaV Distributed Control System DCS controllers and IO cards through 2022-04-29 misuse passwords. Access to privileged operations on the maintenance port TELNET interface 23/TCP on M-series and SIS CSLS/LSNB/LSNG nodes is controlled by means of utility passwords. These passwords are...

CVE-2022-29965

The CVE-2022-29965 issue affects Emerson DeltaV Distributed Control System (DCS) controllers and IO cards up to 2022-04-29. The maintenance-port passwords (TELNET, 23/TCP) are generated by a deterministic, insecure algorithm using a single low-entropy seed (day/hour/minute timestamp). The seed is...

CVE-2020-28086

pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, a...